I created an azure vnet with 2 subnets, then I created two app services inside one of the subnet. I thought the web app won't be accessible from the internet, but I can navigate to the app via it's url and the page loads.
I want to make the two website (app services) private and I'd like to use App Gateway to be the only public entry point. Could you advice how can I do that and if that's a good idea, please?
Created Application gateway added two App service in backend pool:
Set up routing rules to define how incoming requests should be directed to the backend pool, Add listener and backend targets like below:
In backend setting:
In backend target add your path-based routing click on Add Multiple targets to create a path-based rule and configure like below:
Once deployed, In virtual machine add Service endpoint Microsoft.web to subnet like below:
In Application gateway -> healthy probes add HTTP protocol, host and appropriate path and add your backend setting like below:
Now, you can your backend are in healthy state
In backend setting make sure to select override with host name as yes and pick hostname from backend target verify the custom probe like below:
In app service -> under Networking -> Access restriction you can restrict app service it shows as 403 error, and you can use App Gateway to be the only public entry point.
.
when I hit the public Ip address in Application gateway App service are redirected successfully like below:
Reference:
Azure Application Gateway architecture with multiple App Services by Ratko cosic
